#Best Practice# Sangfor Network Secure NSF 8.0.85 Hardening Guide v1
  

yakubi Lv3Posted 02 Sep 2024 13:39

*Product: NSF
*Version: 8.0.85

Hello everyone,

I hope this post finds you well!

I'm excited to share a comprehensive hardening guide that I've developed for Sangfor Network Secure. This guide is designed to help enhance the security posture of Sangfor Network Secure deployments by addressing key system, network, and security settings.

Why This Guide?
The configurations and best practices outlined in this guide are aimed at strengthening the security of your Sangfor firewall. By implementing these recommendations, you can significantly improve your firewall's defenses against potential threats and ensure a more robust network security posture.

Here's an overview of what's included in the guide:

System Settings:
  • Ensure Password Expiration is set to 90 days
  • Ensure Web Session timeout is set to less than or equal to 10 minutes
  • Ensure management GUI listens on secure TLS version
  • Ensure default Admin ports are changed
  • Ensure the time zone is properly configured
  • Ensure the latest firmware is installed
  • Ensure admin accounts with different privileges have their correct profiles assigned
  • Ensure no expired subscription licenses
  • Ensure the hostname is set




Network Settings:
  • Ensure Secure DNS Configuration
  • Ensure unused interfaces are disabled
  • Ensure IPv6 is disabled if not used
  • Disable all management related to WAN Port




Security Settings:
  • Ensure the maximum number of failed attempts allowed is set to 5 or fewer
  • Ensure logging is enabled on all firewall policies
  • Ensure that anti-Dos/DDOS is enabled to protect the physical firewall
  • Apply IPS security policies for Internet and Server Scenario
  • Detect botnet connection
  • Ensure ARP spoofing protection is enabled
  • Ensure the Web filter is set to block high-risk categories
  • Block high-risk categories on Application Control
  • Ensure Site-to-Site IPSec VPN is not configured with “Aggressive Mode”
  • Ensure Ransomware protection is enabled
  • Ensure that unused policies are reviewed regularly




Discussion and Feedback:

I'd love to hear your thoughts on this guide. If you have any questions, suggestions, or additional tips related to Sangfor Network Secure hardening, please share them in the comments. Let's collaborate to enhance our firewall security practices!

Thank you, and I look forward to your feedback!


Download the Guide: You can access the full guide here.

Sangfor Network Secure Hardening Guide v1.pdf

623.2 KB, Downloads: 51

Like this topic? Like it or reward the author.

Creating a topic earns you 5 coins. A featured or excellent topic earns you more coins. What is Coin?

Enter your mobile phone number and company name for better service. Go

Enrico Vanzetto Lv4Posted 02 Sep 2024 19:11
  
Hi, thanks for sharing